One specific incident where developers of a popular open source project cba'ed to step through the source code of another popular open source project demonstrates the fallacy of the meme.

On the other hand, the reasoning that "many eyeballs" makes code more secure while intuitive, AFAIK is not substantiated. The reason for this is because application programmers rarely have the skill set necessary to muck about with kernel internals. And vice versa.

However, if this incident causes the meme to be updated to something along the lines of "many eyeballs makes secure code, but with notable exceptions" I'd call that a vast improvement.

Which ist true. Not every fish in shallow water is caught by the fisher. It is just more likely.

Good coding style and good logical structures which lead to easily replaceable chunks of code can be done in closed-source as in open-source programs. IRIX, AIX and the likes have as clean code as the BSD's and Linux, I am sure about that.
On the other hand, lots of Software companies have to rush out the next release which makes lots of programmers resort to dirty hacks they want to "clean up later".

I one read some study comparing code quality of closed vs. open source software. OSS code quality is bad at the beginning, and if the project continues, the code quality increases. CSS has rather good code quality at the beginning, but it get worse than OSS code quality over time.